Authlib

Authlib

关注
发信
关注(28)粉丝(399)

Python Authlib烧瓶-如何显式执行authorize_redirect?

本文介绍了Python Authlib烧瓶-如何显式执行authorize_redirect?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有代码授予流程"使用authlib flask集成登录时运行良好:

I have "code grant flow" login with the authlib flask integration working nicely:

redirect_uri = url_for('authorize', _external=True)
return oauth.myOauth2.authorize_redirect(redirect_uri)

出于某种原因,我决定我想尝试使重定向更加明显.在重定向到登录页面之前,请向用户显示我的应用程序一段时间,对于某些用户可能不熟悉.

For some reason I decided I want to try to make the redirect a bit more visible. Show users my app for a moment before redirecting to a login page that may be more unfamiliar for some.

现在这样的作品:

redirect_uri = url_for('authorize', _external=True)
aurl = oauth.myOauth2.create_authorization_url(redirect_uri)
# what to do with aurl['state']?
return render_template('redirect.html', delay=2,
                       redirect_notice='Redirecting to login', 
                       redirect_url=aurl['url'])

但是,当我重定向回授权"页面时,登录后,我得到 authlib.integrations.base_client.errors.MismatchingStateError:mismatching_state:CSRF警告!状态在请求和响应中不相等.我想是因为我没有保存 aurl ['state'] .

However, when I'm redirected back to "authorize" after login, I get authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response. which I presume is because I did not save aurl['state'].

但是我该怎么做呢?我很难弄清楚authorize_redirect是如何做到的.
也许总有更好的方法?任何帮助表示赞赏!

But how can I actually do that? I'm having a hard time teasing out how authorize_redirect does it.
Maybe there is a better way altogether? Any help appreciated!

推荐答案

有两种方法可以完成您的工作:

There are two ways to get your job done:

  1. .authorize_redirect 提取URL:
  1. extract url from .authorize_redirect:
redirect_uri = url_for('authorize', _external=True)
resp = oauth.myOauth2.authorize_redirect(redirect_uri)
url = resp.headers.get('Location')
return render_template('redirect.html', delay=2,
                       redirect_notice='Redirecting to login', 
                       redirect_url=url)
  1. 使用 .save_authorize_data 保存CSRF和其他数据:
  1. use .save_authorize_data to save CSRF and other data:
redirect_uri = url_for('authorize', _external=True)
rv = oauth.myOauth2.create_authorization_url(redirect_uri)
oauth.myOauth2.save_authorize_data(request, redirect_uri=redirect_uri, **rv)
return render_template('redirect.html', delay=2,
                       redirect_notice='Redirecting to login', 
                       redirect_url=rv['url'])

您可以从以下网站学习它: https://github.com/lepture/authlib/blob/master/authlib/integrations/flask_client/remote_app.py#L51

You can learn it from: https://github.com/lepture/authlib/blob/master/authlib/integrations/flask_client/remote_app.py#L51

这篇关于Python Authlib烧瓶-如何显式执行authorize_redirect?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-20 19:24
Powered by LMLPHP ©2024 Authlib 0.004376